bug fixed

pepeleaks · pepeleaks · commit 3240b0253391 · 2023-11-10T02:59:35.000+03:00
diff --git a/INFO/changelog.json b/INFO/changelog.json
@@ -4,5 +4,11 @@
         "changes": [
             "De4py released"
         ]
+    },
+    {
+        "version": "1.0.1",
+        "changes": [
+            "bug fixed for BlankOBF deobfuscator"
+        ]
     }
 ]
diff --git a/INFO/version b/INFO/version
@@ -1 +1 @@
-V1.0
+V1.0.1
diff --git a/deobfuscators/blankOBF.py b/deobfuscators/blankOBF.py
@@ -15,7 +15,12 @@ def disasm(text):
     original_stdout = sys.stdout
     try:
         sys.stdout = disassembly_output
-        dis.dis(marshal.loads(base64.b64decode(codecs.decode(variable_list[0][1], 'rot13')+variable_list[2][1]+variable_list[3][1][::-1]+variable_list[1][1])))
+        marshal_code=(base64.b64decode(codecs.decode(variable_list[0][1], 'rot13')+variable_list[2][1]+variable_list[3][1][::-1]+variable_list[1][1]))
+        try:
+            dis.dis(marshal.loads(marshal_code))
+        except:
+            print("failed to dis marshal code so heres the marshal code only:\n")
+            print(marshal_code)
     finally:
         sys.stdout = original_stdout
     disassembly_text = disassembly_output.getvalue()
diff --git a/deobfuscators/detector.py b/deobfuscators/detector.py
@@ -8,7 +8,7 @@
     ("PlusOBF",r"exec\(\"\"\.join\(\[chr\(len\(i\)\) for i in d\]\)\)",PlusOBF),
     ('jawbreaker', r'([a-zA-Z_]\w{3})\s*=\s*([^;]+);', jawbreaker),
     ("wodx", r'(?:__NO_NO){23}', wodx),
-    ("BlankOBF", r"import base64, lzma; exec\(compile\(lzma\.decompress\(base64\.b64decode\(b'([A-Za-z0-9+/=]+)'\)\), \"<string>\", \"exec\"\)\)", BlankOBF),
+    ("BlankOBF", r"import\s*base64,\s*lzma;\s*exec\(compile\(lzma\.decompress\(base64\.b64decode\(b'([A-Za-z0-9+/=]+)'\)\)\s*,\s*\"<string>\"\s*,\s*\"exec\"\)\)", BlankOBF),
 ]
 def detect_obfuscator(file_path):
     file_data = open(file_path,'r',encoding='utf8').read()

Original file line number	Diff line number	Diff line change
`@@ -4,5 +4,11 @@`
`4`	`4`	`"changes": [`
`5`	`5`	`"De4py released"`
`6`	`6`	`]`
	`7`	`+ },`
	`8`	`+ {`
	`9`	`+ "version": "1.0.1",`
	`10`	`+ "changes": [`
	`11`	`+ "bug fixed for BlankOBF deobfuscator"`
	`12`	`+ ]`
`7`	`13`	`}`
`8`	`14`	`]`
Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`("PlusOBF",r"exec\(\"\"\.join\(\[chr\(len\(i\)\) for i in d\]\)\)",PlusOBF),`
`9`	`9`	`('jawbreaker', r'([a-zA-Z_]\w{3})\s=\s([^;]+);', jawbreaker),`
`10`	`10`	`("wodx", r'(?:__NO_NO){23}', wodx),`
`11`		`- ("BlankOBF", r"import base64, lzma; exec\(compile\(lzma\.decompress\(base64\.b64decode\(b'([A-Za-z0-9+/=]+)'\)\), \"<string>\", \"exec\"\)\)", BlankOBF),`
	`11`	`+ ("BlankOBF", r"import\sbase64,\slzma;\sexec\(compile\(lzma\.decompress\(base64\.b64decode\(b'([A-Za-z0-9+/=]+)'\)\)\s,\s\"<string>\"\s,\s*\"exec\"\)\)", BlankOBF),`
`12`	`12`	`]`
`13`	`13`	`def detect_obfuscator(file_path):`
`14`	`14`	`file_data = open(file_path,'r',encoding='utf8').read()`